Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Let workspace private and personal by default for all user #376

Closed
wants to merge 5 commits into from
Closed

Let workspace private and personal by default for all user #376

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
68bfe8a
make a workspace private by default
Feb 19, 2024
d7cf903
add creator Id notion for workspace creation process for all storage …
Feb 20, 2024
e6b8817
fix syntax error
Feb 21, 2024
a66db55
Merge branch 'main' into feature/make-workspace-private
hghandri Feb 26, 2024
a2099c6
Merge branch 'main' into feature/make-workspace-private
hghandri May 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 22 additions & 1 deletion lib/chatbot-api/functions/api-handler/routes/workspaces.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,9 @@ class CreateWorkspaceKendraRequest(BaseModel):
@router.resolver(field_name="listWorkspaces")
@tracer.capture_method
def list_workspaces():
workspaces = genai_core.workspaces.list_workspaces()

user_id = genai_core.auth.get_user_id(router)
workspaces = genai_core.workspaces.list_workspaces_by_user(user_id)

ret_value = [_convert_workspace(workspace) for workspace in workspaces]

Expand All @@ -68,11 +70,24 @@ def list_workspaces():
@router.resolver(field_name="getWorkspace")
@tracer.capture_method
def get_workspace(workspaceId: str):

user_id = genai_core.auth.get_user_id(router)
#Check policy before to fetch a data of workspace
workspace_policy = genai_core.workspaces.is_workspace_readable(workspaceId, user_id)

if not workspace_policy:
return None

workspace = genai_core.workspaces.get_workspace(workspaceId)

if not workspace:
return None

key_policies = ['is_owner', 'is_writable']

for key_policy in key_policies:
workspace[key_policy] = workspace_policy[key_policy]

ret_value = _convert_workspace(workspace)

return ret_value
Expand Down Expand Up @@ -116,6 +131,7 @@ def create_kendra_workspace(input: dict):


def _create_workspace_aurora(request: CreateWorkspaceAuroraRequest, config: dict):
user_id = genai_core.auth.get_user_id(router)
workspace_name = request.name.strip()
embedding_models = config["rag"]["embeddingsModels"]
cross_encoder_models = config["rag"]["crossEncoderModels"]
Expand Down Expand Up @@ -185,13 +201,15 @@ def _create_workspace_aurora(request: CreateWorkspaceAuroraRequest, config: dict
chunking_strategy=request.chunkingStrategy,
chunk_size=request.chunkSize,
chunk_overlap=request.chunkOverlap,
creator_id=user_id,
)
)


def _create_workspace_open_search(
request: CreateWorkspaceOpenSearchRequest, config: dict
):
user_id = genai_core.auth.get_user_id(router)
workspace_name = request.name.strip()
embedding_models = config["rag"]["embeddingsModels"]
cross_encoder_models = config["rag"]["crossEncoderModels"]
Expand Down Expand Up @@ -256,11 +274,13 @@ def _create_workspace_open_search(
chunking_strategy=request.chunkingStrategy,
chunk_size=request.chunkSize,
chunk_overlap=request.chunkOverlap,
creator_id=user_id,
)
)


def _create_workspace_kendra(request: CreateWorkspaceKendraRequest, config: dict):
user_id = genai_core.auth.get_user_id(router)
workspace_name = request.name.strip()
kendra_indexes = genai_core.kendra.get_kendra_indexes()

Expand All @@ -287,6 +307,7 @@ def _create_workspace_kendra(request: CreateWorkspaceKendraRequest, config: dict
workspace_name=workspace_name,
kendra_index=kendra_index,
use_all_data=request.useAllData,
creator_id=user_id,
)
)

Expand Down
8 changes: 8 additions & 0 deletions lib/chatbot-api/rest-api.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,10 @@ export class ApiResolvers extends Construct {
props.ragEngines?.workspacesTable.tableName ?? "",
WORKSPACES_BY_OBJECT_TYPE_INDEX_NAME:
props.ragEngines?.workspacesByObjectTypeIndexName ?? "",
WORKSPACES_POLICY_TABLE_NAME:
props.ragEngines?.workspacesPolicyTable.tableName ?? "",
WORKSPACES_POLICY_BY_WORKSPACE_ID_INDEX_NAME:
props.ragEngines?.workspacesPolicyByWorkspaceIdIndexName ?? "",
DOCUMENTS_TABLE_NAME:
props.ragEngines?.documentsTable.tableName ?? "",
DOCUMENTS_BY_COMPOUND_KEY_INDEX_NAME:
Expand Down Expand Up @@ -128,6 +132,10 @@ export class ApiResolvers extends Construct {
);
}

if (props.ragEngines?.workspacesPolicyTable) {
props.ragEngines.workspacesPolicyTable.grantReadWriteData(apiHandler);
}

if (props.ragEngines?.auroraPgVector) {
props.ragEngines.auroraPgVector.database.secret?.grantRead(apiHandler);
props.ragEngines.auroraPgVector.database.connections.allowDefaultPortFrom(
Expand Down
4 changes: 4 additions & 0 deletions lib/rag-engines/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ export class RagEngines extends Construct {
public readonly documentsTable: dynamodb.Table;
public readonly workspacesTable: dynamodb.Table;
public readonly workspacesByObjectTypeIndexName: string;
public readonly workspacesPolicyTable: dynamodb.Table;
public readonly workspacesPolicyByWorkspaceIdIndexName: string;
public readonly documentsByCompountKeyIndexName: string;
public readonly documentsByStatusIndexName: string;
public readonly fileImportWorkflow?: sfn.StateMachine;
Expand Down Expand Up @@ -110,6 +112,8 @@ export class RagEngines extends Construct {
this.processingBucket = dataImport.processingBucket;
this.workspacesTable = tables.workspacesTable;
this.documentsTable = tables.documentsTable;
this.workspacesPolicyTable = tables.workspacesPolicyTable;
this.workspacesPolicyByWorkspaceIdIndexName = tables.workspacesPolicyByWorkspaceIdIndexName;
this.workspacesByObjectTypeIndexName =
tables.workspacesByObjectTypeIndexName;
this.documentsByCompountKeyIndexName =
Expand Down
27 changes: 27 additions & 0 deletions lib/rag-engines/rag-dynamodb-tables/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,12 @@ import { Construct } from "constructs";

export class RagDynamoDBTables extends Construct {
public readonly workspacesTable: dynamodb.Table;
public readonly workspacesPolicyTable: dynamodb.Table;
public readonly documentsTable: dynamodb.Table;
public readonly workspacesByObjectTypeIndexName: string =
"by_object_type_idx";
public readonly workspacesPolicyByWorkspaceIdIndexName: string =
"by_workspace_idx";
public readonly documentsByCompoundKeyIndexName: string =
"by_compound_key_idx";
public readonly documentsByStatusIndexName: string = "by_status_idx";
Expand Down Expand Up @@ -41,6 +44,29 @@ export class RagDynamoDBTables extends Construct {
},
});

const workspacesPolicyTable = new dynamodb.Table(this, "WorkspacesPolicy", {
partitionKey: {
name: "pk",
type: dynamodb.AttributeType.STRING,
},
sortKey: {
name: "sk",
type: dynamodb.AttributeType.STRING,
},
billingMode: dynamodb.BillingMode.PAY_PER_REQUEST,
encryption: dynamodb.TableEncryption.AWS_MANAGED,
removalPolicy: cdk.RemovalPolicy.DESTROY,
pointInTimeRecovery: true,
});

workspacesPolicyTable.addGlobalSecondaryIndex({
indexName: this.workspacesPolicyByWorkspaceIdIndexName,
partitionKey: {
name: "workspace_id",
type: dynamodb.AttributeType.STRING,
}
});

const documentsTable = new dynamodb.Table(this, "Documents", {
partitionKey: {
name: "workspace_id",
Expand Down Expand Up @@ -81,6 +107,7 @@ export class RagDynamoDBTables extends Construct {
});

this.workspacesTable = workspacesTable;
this.workspacesPolicyTable = workspacesPolicyTable;
this.documentsTable = documentsTable;
}
}
18 changes: 18 additions & 0 deletions lib/shared/layers/python-sdk/python/genai_core/aurora/delete.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,12 @@
import genai_core.utils.delete_files_with_prefix
from psycopg2 import sql
from genai_core.aurora.connection import AuroraConnection
import genai_core.workspaces

PROCESSING_BUCKET_NAME = os.environ["PROCESSING_BUCKET_NAME"]
UPLOAD_BUCKET_NAME = os.environ["UPLOAD_BUCKET_NAME"]
WORKSPACES_TABLE_NAME = os.environ["WORKSPACES_TABLE_NAME"]
WORKSPACES_POLICY_TABLE_NAME = os.environ["WORKSPACES_POLICY_TABLE_NAME"]
DOCUMENTS_TABLE_NAME = os.environ.get("DOCUMENTS_TABLE_NAME")

WORKSPACE_OBJECT_TYPE = "workspace"
Expand All @@ -30,6 +32,7 @@ def delete_aurora_workspace(workspace: dict):
)

workspaces_table = dynamodb.Table(WORKSPACES_TABLE_NAME)
documents_policy_table = dynamodb.Table(WORKSPACES_POLICY_TABLE_NAME)
documents_table = dynamodb.Table(DOCUMENTS_TABLE_NAME)

items_to_delete = []
Expand Down Expand Up @@ -68,3 +71,18 @@ def delete_aurora_workspace(workspace: dict):
)

print(f"Delete Item succeeded: {response}")

# Delete all workspace policy related to the current deletion workspace
items_policy_to_delete = genai_core.workspaces.list_policy_workspace_by_id(workspace_id)
# Batch delete in groups of 25
for i in range(0, len(items_policy_to_delete), 25):
with documents_policy_table.batch_writer() as batch:
for item in items_policy_to_delete[i : i + 25]:
batch.delete_item(
Key={
"pk": item["pk"],
"sk": item["sk"],
}
)

print(f"Deleted {len(items_policy_to_delete)} policy items.")
Loading